Filtered by vendor Php
Subscriptions
Total
749 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0346 | 1 Php | 1 Php Fi | 2024-11-20 | N/A |
| CGI PHP mlog script allows an attacker to read any file on the target server. | ||||
| CVE-1999-0238 | 1 Php | 1 Php | 2024-11-20 | N/A |
| php.cgi allows attackers to read any file on the system. | ||||
| CVE-1999-0068 | 1 Php | 1 Php | 2024-11-20 | N/A |
| CGI PHP mylog script allows an attacker to read any file on the target server. | ||||
| CVE-1999-0058 | 1 Php | 1 Php | 2024-11-20 | N/A |
| Buffer overflow in PHP cgi program, php.cgi allows shell access. | ||||
| CVE-2024-48581 | 1 Php | 1 Best Courier Management System | 2024-10-28 | 9.8 Critical |
| File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component. | ||||
| CVE-2024-48579 | 1 Php | 1 Best House Rental Management System | 2024-10-28 | 9.8 Critical |
| SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. | ||||
| CVE-2024-48580 | 1 Php | 1 Best Courier Management System | 2024-10-28 | 9.8 Critical |
| SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request. | ||||
| CVE-2024-8926 | 2 Php, Php-fpm | 2 Php, Php-fpm | 2024-10-16 | 8.1 High |
| In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | ||||
| CVE-2024-9026 | 3 Php, Php-fpm, Redhat | 3 Php, Php-fpm, Enterprise Linux | 2024-10-16 | 3.3 Low |
| In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. | ||||